Harbor私有仓库部署与配置-http

Harbor私有仓库部署与配置-http

Harbor 是一个开源的云原生镜像仓库,用于存储和分发容器镜像的企业级Registry服务器,通过添加一些企业必需的功能特性,例如安全、标识和管理等,扩展了开源 Docker Distribution。作为一个企业级私有 Registry 服务器,Harbor 提供了更好的性能和安全。

1. 准备工作

  1. 下载 Harbor 离线安装包

Harbor GitHub releases 页面下载离线安装包,例如 harbor-offline-installer-v2.11.0.tgz

  1. 安装 Docker 和 Docker Compose

确保目标机器上已经安装了 Docker 和 Docker Compose。

2. 安装部署

harbor-offline-installer-v2.11.0.tgz 上传到待部署机器并解压:

bash 复制代码
[root@k8s ~]# tar xf harbor-offline-installer-v2.11.0.tgz
[root@k8s ~]# cd harbor
[root@k8s harbor]# ls
common.sh  harbor.v2.11.0.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare

配置 Harbor:

shell 复制代码
[root@k8s harbor]# cp harbor.yml.tmpl harbor.yml
[root@k8s harbor]# vi harbor.yml

编辑 harbor.yml 文件,根据实际需求进行配置:

yaml 复制代码
hostname: 192.168.0.159   # 部署机器的ip,也可以是域名
...
http:
  port: 80  # http端口
...
harbor_admin_password: Harbor12345  # web界面admin密码
...
database:
  password: root123 # 后端数据库root密码
...
data_volume: /data/harbor  # 数据存放路径
...

如果只部署http服务的话,需要禁用https,否则会将http请求重定向到https:

yaml 复制代码
...
# https related config
#https:
  # https port for harbor, default is 443
#  port: 443
  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
  # enable strong ssl ciphers (default: false)
  # strong_ssl_ciphers: false
...

加载镜像和启动 Harbor:

shell 复制代码
# 创建存放数据的目录
[root@k8s harbor]# mkdir -p /data/harbor

[root@k8s harbor]# sh install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 26.1.4

[Step 1]: checking docker-compose is installed ...

Note: Docker Compose version v2.27.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v2.11.0
Loaded image: goharbor/harbor-db:v2.11.0
Loaded image: goharbor/nginx-photon:v2.11.0
Loaded image: goharbor/trivy-adapter-photon:v2.11.0
Loaded image: goharbor/redis-photon:v2.11.0
Loaded image: goharbor/registry-photon:v2.11.0
Loaded image: goharbor/prepare:v2.11.0
Loaded image: goharbor/harbor-portal:v2.11.0
Loaded image: goharbor/harbor-log:v2.11.0
Loaded image: goharbor/harbor-jobservice:v2.11.0
Loaded image: goharbor/harbor-registryctl:v2.11.0
Loaded image: goharbor/harbor-exporter:v2.11.0


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Note: stopping existing Harbor instance ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete
[+] Running 9/0
 ✔ Container harbor-portal      Removed                                                      0.0s
 ✔ Container harbor-jobservice  Removed                                                      0.0s
 ✔ Container registryctl        Removed                                                      0.0s
 ✔ Container harbor-core        Removed                                                      0.0s
 ✔ Container redis              Removed                                                      0.0s
 ✔ Container harbor-db          Removed                                                      0.0s
 ✔ Container registry           Removed                                                      0.0s
 ✔ Container harbor-log         Removed                                                      0.0s
 ✔ Network harbor_harbor        Removed                                                      0.0s


[Step 5]: starting Harbor ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete
[+] Running 10/10
 ✔ Network harbor_harbor        Created                                                      0.0s
 ✔ Container harbor-log         Started                                                      0.4s
 ✔ Container harbor-portal      Started                                                      1.2s
 ✔ Container registry           Started                                                      1.0s
 ✔ Container harbor-db          Started                                                      0.8s
 ✔ Container redis              Started                                                      1.2s
 ✔ Container registryctl        Started                                                      0.8s
 ✔ Container harbor-core        Started                                                      1.4s
 ✔ Container harbor-jobservice  Started                                                      1.7s
 ✔ Container nginx              Started                                                      1.7s
✔ ----Harbor has been installed and started successfully.----

说明:

当前机器如果存在同名的容器,也会导致harbor部署失败,例如redis,nginx等。部署之前停止可能冲突的容器。

3. 检查部署情况

  1. 查看 Harbor 服务状态
shell 复制代码
[root@k8s harbor]# docker ps
CONTAINER ID   IMAGE                                               COMMAND                  CREATED          STATUS                   PORTS                                   NAMES
cb5c79df4e4c   goharbor/harbor-jobservice:v2.11.0                  "/harbor/entrypoint...."   3 minutes ago    Up 3 minutes (healthy)                                           harbor-jobservice
39486ae87f17   goharbor/nginx-photon:v2.11.0                       "nginx -g 'daemon of..."   3 minutes ago    Up 3 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
09098205ec51   goharbor/harbor-core:v2.11.0                        "/harbor/entrypoint...."   3 minutes ago    Up 3 minutes (healthy)                                           harbor-core
0e968a41d58c   goharbor/redis-photon:v2.11.0                       "redis-server /etc/r..."   3 minutes ago    Up 3 minutes (healthy)                                           redis
8552f9919837   goharbor/harbor-db:v2.11.0                          "/docker-entrypoint...."   3 minutes ago    Up 3 minutes (healthy)                                           harbor-db
4985901e00f5   goharbor/harbor-portal:v2.11.0                      "nginx -g 'daemon of..."   3 minutes ago    Up 3 minutes (healthy)                                           harbor-portal
9c297f67dd64   goharbor/harbor-registryctl:v2.11.0                 "/home/harbor/start...."   3 minutes ago    Up 3 minutes (healthy)                                           registryctl
e0d91f7bfd29   goharbor/registry-photon:v2.11.0                    "/home/harbor/entryp..."   3 minutes ago    Up 3 minutes (healthy)                                           registry
3c06f80eb9f0   goharbor/harbor-log:v2.11.0                         "/bin/sh -c /usr/loc..."   3 minutes ago    Up 3 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log
  1. 访问 Harbor Web 界面

打开浏览器,访问 http://192.168.0.159,使用配置文件中设置的管理员用户名(默认是 admin)和密码登录。

docker默认使用https连接仓库,添加如下配置使用http仓库:

shell 复制代码
[root@k8s ~]# cat /etc/docker/daemon.json
{

  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
        "https://registry.docker-cn.com",
        "https://registry-1.docker.io",
        "https://registry.hub.docker.com",
        "https://mirror.baidubce.com",
        "https://ccr.ccs.tencentyun.com",
        "https://wnsrsn9i.mirror.aliyuncs.com"
    ],
   "insecure-registries": ["192.168.0.159"]   # 添加的配置
}

[root@k8s ~]# systemctl restart docker  # 重启生效

# 测试登录正常
[root@k8s ~]# docker login -u admin -p Harbor12345 http://192.168.0.159
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
  1. 推送镜像测试
shell 复制代码
[root@k8s ~]# docker tag nginx:1.27.0 192.168.0.159/library/nginx:1.27.0
[root@k8s ~]# docker push 192.168.0.159/library/nginx:1.27.0
The push refers to repository [192.168.0.159/library/nginx]
3cf30c944fca: Pushed
16d40ad06803: Pushed
cf1614267117: Pushed
e5ec4dd3995c: Pushed
e8186e892c11: Pushed
a9a1ca1cae25: Pushed
1387079e86ad: Pushed
1.27.0: digest: sha256:9d1cac272a1ff8c4f4d6607940f179c9716b28c956231e61ae40a63990400c15 size: 1778
[root@k8s ~]#

说明:

library为harbor默认自带的项目,根据自己使用需求创建自定义的项目存放容器镜像。

4. 常见问题排查

  1. 确保防火墙允许 Harbor 端口
bash 复制代码
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
  1. 检查 Docker 和 Docker Compose 版本

确保安装的 Docker 和 Docker Compose 版本满足 Harbor 的最低要求。

  1. docker登录仓库被拒绝
bash 复制代码
[root@k8s ~]# docker login -u admin -p Harbor12345 http://192.168.0.159
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://192.168.0.159/v2/: dial tcp 192.168.0.159:443: connect: connection refused
相关推荐
茶馆大橘1 小时前
微服务系列五:避免雪崩问题的限流、隔离、熔断措施
java·jmeter·spring cloud·微服务·云原生·架构·sentinel
北漂IT民工_程序员_ZG1 小时前
k8s集群安装(minikube)
云原生·容器·kubernetes
coding侠客2 小时前
揭秘!微服务架构下,Apollo 配置中心凭啥扮演关键角色?
微服务·云原生·架构
2301_806131368 小时前
Kubernetes的基本构建块和最小可调度单元pod-0
云原生·容器·kubernetes
大卡尔9 小时前
Reviewbot 开源 | 为什么我们要打造自己的代码审查服务?
devops·code review·静态检查·工程效率
极小狐11 小时前
驭码上新,AI Code Review、基于代码库的知识问答,让研发起飞
gitlab·devsecops·devops·极狐gitlab·安全合规
licy__12 小时前
Docker 基础命令简介
docker·云原生·eureka
0_1_bits15 小时前
【系统设计】高效的分布式系统:使用 Spring Boot 和 Kafka 实现 Saga 模式
spring boot·后端·云原生·架构·kafka·linq
探索云原生16 小时前
GPU 环境搭建指南:如何在裸机、Docker、K8s 等环境中使用 GPU
ai·云原生·kubernetes·go·gpu
蚊子不吸吸21 小时前
DevOps开发运维简述
linux·运维·ci/cd·oracle·kubernetes·gitlab·devops